From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/688 Path: main.gmane.org!not-for-mail From: "Milan P. Stanic" Newsgroups: gmane.comp.sysutils.supervision.general Subject: Re: runit running under linux 2.4 with openwall patches Date: Wed, 26 Jan 2005 13:07:01 +0100 Message-ID: <20050126120700.GA3945@rns-nis.co.yu> References: <20050121193151.5581.qmail@f99cf6af5269a6.315fe32.mid.smarden.org> <1106650731.41f6266bcbe61@www.wolfpuppy.org.uk> <84B8E07C-6F29-11D9-9341-000A9598BFB2@annvix.org> <20050126004448.GI10265@digitus> <31302029-6F53-11D9-9341-000A9598BFB2@annvix.org> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" X-Trace: sea.gmane.org 1106743434 5046 80.91.229.6 (26 Jan 2005 12:43:54 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Wed, 26 Jan 2005 12:43:54 +0000 (UTC) Original-X-From: supervision-return-927-gcsg-supervision=m.gmane.org@list.skarnet.org Wed Jan 26 13:43:49 2005 Return-path: Original-Received: from antah.skarnet.org ([212.85.147.14]) by deer.gmane.org with smtp (Exim 3.35 #1 (Debian)) id 1CtmWT-0001wN-00 for ; Wed, 26 Jan 2005 13:43:49 +0100 Original-Received: (qmail 1240 invoked by uid 76); 26 Jan 2005 12:44:09 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 1234 invoked from network); 26 Jan 2005 12:44:09 -0000 Original-To: supervision@list.skarnet.org Mail-Followup-To: supervision@list.skarnet.org Content-Disposition: inline In-Reply-To: <31302029-6F53-11D9-9341-000A9598BFB2@annvix.org> X-GPG-Fingerprint: EA81 54A6 7F35 5A38 FCE6 9EF6 9D24 E68E 5C1D AF15 User-Agent: Mutt/1.5.6+20040907i X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at rns-nis.co.yu Xref: main.gmane.org gmane.comp.sysutils.supervision.general:688 X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:688 --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 25, 2005 at 09:31:48PM -0700, Vincent Danen wrote: >=20 > On Jan 25, 2005, at 17:44, Csillag Tam=E1s wrote: >=20 > >>>Yes, it's dietlibc. Dietlibc executes code from the stack during > >>>system calls, > >>>afaict. > >> > >>Well, it's definitely dietlibc. I compiled runit with glibc > >>(statically) and it works just fine. Very strange. > >I got the same with grsecurity (www.grsecurity.org). > >Well it did not stated exactly in the log that the stack operation is=20 > >the > >cause of killing that process. > > > >It could happen for *all* dietlibc linked program. > >(I experienced in: runsv svlogd fnord tcpsvd ... ) >=20 > Odd thing here is that I tried a few other apps that were=20 > dietlibc-compiled and didn't see a problem. >=20 > Hmmm... spoke too soon. None of the services requiring tcpsvd were=20 > installed, so I tried with rsync and if I start supervise on those=20 > services, nothing happens. But if "sh -x run" myself, I can see the=20 > services are starting. Not sure if recompiling ipsvd without dietlibc=20 > will help, but it's something I'll have to try. >=20 > >In grsec I use the chpax utility to bypass this security checks on=20 > >these > >(and only these) programs. >=20 > Ouch. Not a good solution. >=20 > >Maybe it is worth asking the author of dietlibc.. > >http://www.fefe.de/dietlibc/ >=20 > I have... and am in the middle of a conversation with him. He's very=20 > interested in seeing this resolved. Few months ago I noticed that *any* program which is compiled/linked with dietlibc segfaults under UML. Same programs with glibc works. I don't know if this is related to grsec problem but maybe this info can help. --W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFB94fknSTmjlwdrxURApaqAJ40Q4lZvx7dFZpwV/XX8GBrJe9AGACfb8kp 8eS63n07lxjjzzP2VeT6tcY= =g+gu -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA--